Earlier this month, when F-Secure publicly revealed the existence of two vulnerabilities affecting SaltStack Salt and attackers started actively exploiting them, Cisco was among the victims.
The revelation was made on Thursday, when Cisco published an advisory saying that, on May 7, 2020, they’ve discovered the compromise of six of their salt-master servers, which are part of the Cisco VIRL-PE (Internet Routing Lab Personal Edition) service infrastructure.
SaltStack Salt is open source software that is used for managing and monitoring servers in datacenters and cloud environments. It is installed on a “master” server and it manages “minion” servers via an API agent.
The two recently revealed vulnerabilities – CVE-2020-11651 (an authentication bypass flaw) and CVE-2020-11652 (a directory traversal flaw) – can be exploited by unauthenticated, remote attackers to achieve RCE as root on both masters and minions.
Read more: Help Net Security